Anything less than a perfect connection will cause tunneled traffic to be affected far more than it would be if it were not tunneled through the SSH connection. The reason why it's a reliability issue is because of a phenomenon called head-of-line blocking. I admit I've done stuff like this while I was learning and wanted to take advantage of all the stuff I had in my home lab, but over time I think most of us come to the conclusion that you develop a reputation for building reliable stuff by putting things where they're supposed to go. Just get a pair of vyos images or something and install one on each side of the connection. If you really want to split up your load balancer from your web servers over the WAN, the right way to do this is to build a VPN between the two. why? Stick your production stuff on production servers.

> Can I use this with Nginx as a load balancer and handle multiple domains?

Look, as someone who once built a layer 2 bridge using SSH to support an office move, I can honestly say that this is not going to be reliable enough for anything production related. Just because something is encrypted doesn't mean that SSL is involved.

> Does this include an SSL certificate as it is already encrypted with SSH?

> How reliable is this for hosting a website by pushing all web traffic through an SSH tunnel?

I like the convenience of having basically zero things set up on the VPS VM. My needs are mostly for small files, so it doesn't bother me. The SSH TCP tunnel doesn't care.) As for performance, yea it's probably a bit slow for large files. (the "Host"-header in the HTTP requests or SNI in HTTPS requests distinguishes the domains. You could host multiple domains with an Nginx on your home server, indeed.
"ps aux | grep -v grep | grep 'sshd: ' | awk -silent -output /dev/null ) ssh -i /home/pi/.ssh/id_rsa_tunnel -p 22 \ # Kill existing sessions, as they might be occupying the port Occasionally the connection drops, so I have the following script in cron run every 2 minutes to check if the tunnel has gone down, and restart it if so: #!/bin/bash For HTTPS I run LetsEncrypt on my home server. A home server (Raspberry Pi) SSH'ing out to a vanilla DigitalOcean Ubuntu VM. I've been doing this exact setup for 5 years, and I've been happy with it.